chore: merge main into develop #2892
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: CI | |
on: | |
push: | |
branches: | |
- "main" | |
- "develop" | |
- "release/**" | |
tags: | |
- "v[0-9]+.[0-9]+.[0-9]+" | |
pull_request: | |
branches: [ main, develop, "release/**" ] | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.sha }} | |
cancel-in-progress: true | |
jobs: | |
meta: | |
runs-on: ubuntu-latest | |
outputs: | |
matrix_supportedSplunk: ${{ steps.matrix.outputs.supportedSplunk }} | |
steps: | |
- uses: actions/checkout@v4 | |
- id: matrix | |
uses: splunk/[email protected] | |
fossa-scan: | |
continue-on-error: true | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- run: | | |
curl -H 'Cache-Control: no-cache' https://raw.githubusercontent.com/fossas/fossa-cli/master/install-latest.sh | bash | |
fossa analyze --debug | |
fossa report attribution --format text > /tmp/THIRDPARTY | |
env: | |
FOSSA_API_KEY: ${{ secrets.FOSSA_API_KEY }} | |
- uses: actions/upload-artifact@v4 | |
with: | |
name: THIRDPARTY | |
path: /tmp/THIRDPARTY | |
- run: | | |
fossa test --debug | |
env: | |
FOSSA_API_KEY: ${{ secrets.FOSSA_API_KEY }} | |
pre-commit: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions/setup-python@v5 | |
with: | |
python-version: "3.7" | |
- uses: pre-commit/[email protected] | |
semgrep: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- id: semgrep | |
uses: semgrep/semgrep-action@v1 | |
with: | |
publishToken: ${{ secrets.SEMGREP_PUBLISH_TOKEN }} | |
compliance-copyrights: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: apache/[email protected] | |
build-ui: | |
name: Build UCC UI | |
strategy: | |
matrix: | |
node-version: | |
- "20" | |
uses: ./.github/workflows/build-ui.yml | |
with: | |
node-version: ${{ matrix.node-version }} | |
build: | |
needs: | |
- fossa-scan | |
- build-ui | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions/setup-python@v5 | |
with: | |
python-version: "3.7" | |
- uses: actions/download-artifact@v4 | |
with: | |
name: UCC-UI-build | |
path: built-ui/ | |
- uses: actions/download-artifact@v4 | |
if: "! github.event.pull_request.head.repo.fork " | |
with: | |
name: THIRDPARTY | |
- run: cp -f THIRDPARTY NOTICE | |
if: "! github.event.pull_request.head.repo.fork " | |
- run: curl -sSL https://install.python-poetry.org | python3 - --version 1.5.1 | |
- run: poetry install | |
- name: Check docs | |
run: poetry run mkdocs build --strict | |
- name: Build UCC | |
run: | | |
cp -R built-ui/. splunk_add_on_ucc_framework/package/appserver/static/js/ | |
poetry build | |
- uses: actions/upload-artifact@v4 | |
with: | |
name: UCC-build | |
path: dist/ | |
test-unit: | |
runs-on: ubuntu-latest | |
continue-on-error: true | |
strategy: | |
matrix: | |
python-version: | |
- "3.7" | |
- "3.8" | |
- "3.9" | |
- "3.10" | |
- "3.11" | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions/setup-python@v5 | |
with: | |
python-version: ${{ matrix.python-version }} | |
- run: curl -sSL https://install.python-poetry.org | python3 - --version 1.5.1 | |
- run: | | |
poetry install | |
poetry run pytest --cov=splunk_add_on_ucc_framework --cov-report=xml tests/unit | |
test-smoke: | |
name: test-smoke ${{ matrix.python-version }} | |
needs: | |
- build | |
runs-on: ubuntu-latest | |
continue-on-error: true | |
strategy: | |
matrix: | |
python-version: | |
- "3.7" | |
- "3.8" | |
- "3.9" | |
- "3.10" | |
- "3.11" | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions/setup-python@v5 | |
with: | |
python-version: ${{ matrix.python-version }} | |
- uses: actions/download-artifact@v4 | |
with: | |
name: UCC-UI-build | |
path: built-ui/ | |
- run: curl -sSL https://install.python-poetry.org | python3 - --version 1.5.1 | |
- run: | | |
cp -R built-ui/. splunk_add_on_ucc_framework/package/appserver/static/js/ | |
poetry install | |
poetry run pytest tests/smoke | |
build-test-addon: | |
runs-on: ubuntu-latest | |
needs: | |
- build-ui | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions/setup-python@v5 | |
with: | |
python-version: "3.7" | |
- uses: actions/download-artifact@v4 | |
with: | |
name: UCC-UI-build | |
path: built-ui/ | |
- run: curl -sSL https://install.python-poetry.org | python3 - --version 1.5.1 | |
- run: | | |
cp -R built-ui/. splunk_add_on_ucc_framework/package/appserver/static/js/ | |
poetry install --only main | |
- run: poetry run ucc-gen build --source tests/testdata/test_addons/package_global_config_everything/package | |
- run: ./scripts/include-rum.sh output/Splunk_TA_UCCExample/appserver/templates/base.html scripts/rum-script.html "$RUM_ACCESS_TOKEN" | |
env: | |
RUM_ACCESS_TOKEN: ${{ secrets.RUM_ACCESS_TOKEN}} | |
- run: poetry run ucc-gen package --path output/Splunk_TA_UCCExample | |
- uses: actions/upload-artifact@v4 | |
with: | |
name: Splunk_TA_UCCExample-raw-output | |
path: output/* | |
- uses: actions/upload-artifact@v4 | |
with: | |
name: Splunk_TA_UCCExample-packaged | |
path: Splunk_TA_UCCExample*.tar.gz | |
test-ui: | |
name: test-ui Splunk ${{ matrix.splunk.version }} -m ${{ matrix.test-mark }} | |
if: | | |
github.base_ref == 'main' || | |
github.ref_name == 'main' || | |
github.base_ref == 'develop' || | |
github.ref_name == 'develop' || | |
contains(github.event.pull_request.labels.*.name, 'run-ui-tests') | |
runs-on: ubuntu-latest | |
permissions: | |
id-token: write | |
contents: read | |
checks: write | |
continue-on-error: true | |
needs: | |
- meta | |
- build-test-addon | |
- build | |
- test-unit | |
- test-smoke | |
strategy: | |
matrix: | |
splunk: ${{ fromJson(needs.meta.outputs.matrix_supportedSplunk) }} | |
test-mark: | |
- "logging" | |
- "proxy" | |
- "account" | |
- "custom" | |
- "alert" | |
- "input" | |
- "configuration" | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions/setup-python@v5 | |
with: | |
python-version: "3.7" | |
- uses: actions/download-artifact@v4 | |
with: | |
name: Splunk_TA_UCCExample-raw-output | |
path: output/ | |
- run: | | |
curl -sSL https://install.python-poetry.org | python3 - --version 1.5.1 | |
poetry install --only dev | |
- name: Link chromedriver | |
# Use installed chromedriver https://github.com/actions/runner-images/blob/main/images/linux/Ubuntu2204-Readme.md | |
run: | | |
export PATH=$PATH:$CHROMEWEBDRIVER | |
chromedriver --version | |
- run: | | |
./run_splunk.sh ${{ matrix.splunk.version }} | |
until curl -Lsk "https://localhost:8088/services/collector/health" &>/dev/null ; do echo -n "Waiting for HEC-" && sleep 5 ; done | |
timeout-minutes: 5 | |
- run: poetry run pytest tests/ui -m "${{ matrix.test-mark }}" --headless --junitxml=test-results/junit.xml | |
- uses: actions/upload-artifact@v4 | |
if: success() || failure() | |
with: | |
name: test-results-ui-${{ matrix.splunk.version }}-${{ matrix.test-mark }} | |
path: test-results/* | |
- uses: dorny/test-reporter@v1 | |
if: success() || failure() | |
with: | |
name: test-report-ui-${{ matrix.splunk.version }}-${{ matrix.test-mark }} | |
path: "test-results/*.xml" | |
reporter: java-junit | |
appinspect-for-expected-outputs: | |
name: splunk-appinspect ${{ matrix.tags }} tests/testdata/expected_addons/expected_output_global_config_everything/Splunk_TA_UCCExample | |
runs-on: ubuntu-latest | |
continue-on-error: true | |
strategy: | |
matrix: | |
tags: | |
- "cloud" | |
- "appapproval" | |
- "deprecated_feature" | |
- "developer_guidance" | |
- "future" | |
- "self-service" | |
- "splunk_appinspect" | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions/setup-python@v5 | |
with: | |
python-version: "3.7" | |
- run: curl -sSL https://install.python-poetry.org | python3 - --version 1.5.1 | |
- name: Package tests/expected_output_global_config_everything/Splunk_TA_UCCExample | |
run: | | |
poetry install | |
mkdir tests/packaged | |
poetry run ucc-gen package --path tests/testdata/expected_addons/expected_output_global_config_everything/Splunk_TA_UCCExample -o tests/packaged | |
- uses: splunk/[email protected] | |
with: | |
app_path: tests/packaged | |
included_tags: ${{ matrix.tags }} | |
appinspect_manual_checks: tests/testdata/expected_addons/expected_output_global_config_everything/.appinspect.manualcheck.yaml | |
appinspect_expected_failures: tests/testdata/expected_addons/expected_output_global_config_everything/.appinspect.expect.yaml | |
release: | |
needs: | |
- build | |
- compliance-copyrights | |
- fossa-scan | |
- test-unit | |
- test-smoke | |
- test-ui | |
- appinspect-for-expected-outputs | |
- semgrep | |
- pre-commit | |
runs-on: ubuntu-latest | |
if: "! github.event.pull_request.head.repo.fork " | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
# Very important: semantic-release won't trigger a tagged | |
# build if this is not set false | |
persist-credentials: false | |
- uses: actions/setup-python@v5 | |
with: | |
python-version: "3.7" | |
- run: curl -sSL https://install.python-poetry.org | python3 - --version 1.5.1 | |
- uses: actions/download-artifact@v4 | |
with: | |
name: UCC-UI-build | |
path: built-ui/ | |
- uses: actions/download-artifact@v4 | |
with: | |
name: THIRDPARTY | |
- run: cp -f THIRDPARTY NOTICE | |
- run: poetry install | |
- name: Copy built UCC UI into UCC generator folder | |
run: | | |
cp -R built-ui/. splunk_add_on_ucc_framework/package/appserver/static/js/ | |
- id: semantic | |
uses: splunk/[email protected] | |
with: | |
git_committer_name: ${{ secrets.SA_GH_USER_NAME }} | |
git_committer_email: ${{ secrets.SA_GH_USER_EMAIL }} | |
gpg_private_key: ${{ secrets.SA_GPG_PRIVATE_KEY }} | |
passphrase: ${{ secrets.SA_GPG_PASSPHRASE }} | |
extra_plugins: | | |
semantic-release-replace-plugin | |
env: | |
GITHUB_TOKEN: ${{ secrets.GH_TOKEN_ADMIN }} | |
- if: ${{ steps.semantic.outputs.new_release_published == 'true' }} | |
run: | | |
poetry build | |
poetry publish -n -u ${{ secrets.PYPI_USERNAME }} -p ${{ secrets.PYPI_TOKEN }} |